Bring Your Own Keys and What It Signals
BYOK is framed as a pricing feature. It's actually a statement about whether a product wants to be in your data flow at all.
There's a feature in AI tools that gets filed under pricing but belongs somewhere closer to politics.
When a tool offers to "bring your own API key" — your own OpenAI key, your own Anthropic key — the obvious interpretation is cost. You pay the model provider directly, at their published rate, with no markup. That's real. But it's not the interesting part.
The interesting part is what BYOK removes.
When you plug in your own key, the tool is no longer in your data flow. Your prompts and completions travel directly between your client and the model provider, authenticated by credentials you hold. The software you're using — the app, the IDE plugin, the note tool — becomes a thin wrapper. It shapes the interaction, but it doesn't touch the payload. It can't log your conversations. It can't inspect what you asked. It can't, in principle, build a shadow model of your behavior from your queries.
This is not a small thing. It's the difference between a product that serves you and a product that routes you.
The two meanings of BYOK
In enterprise security, BYOK means something slightly different: bringing your own encryption keys to a cloud service, so that you — not the vendor — control what can be decrypted. AWS, Azure, and IBM have supported this model for years, marketing it to compliance-heavy industries as "data sovereignty." The pitch is: even we can't read your data without your permission.
The AI API key version is structurally similar. You hold a secret. The product you use cannot operate on your behalf without it. If you revoke the key, they're done. There's no shadow copy of your context. No accumulated history they retain but don't show you. The relationship has an off switch you actually control.
Both versions are answering the same question: who has leverage here?
What the absence of BYOK says
By late 2025, VS Code had added BYOK support for AI models. JetBrains launched it in December of that year. A directory called BYOKList appeared, cataloguing AI tools that let you use your own key — which is a strange kind of honor roll, when you think about it. A list of tools that opted out of the data pipeline. The existence of the list implies the default is the opposite.
Most AI tools don't offer BYOK. That's not a conspiracy. There are legitimate engineering reasons: managing your own inference means managing reliability, rate limits, model versioning. Simpler to proxy everything through a single internal key and handle all that yourself. Simpler, and also more lucrative — a markup on API calls is a real revenue line.
But the engineering justification and the business justification point in the same direction: we want to be in the middle.
That's fine. It's a product choice. You just need to notice what it implies.
What you're actually consenting to
When a tool proxies your AI calls through their own key, you're not just paying a markup. You're enrolling in a data relationship you haven't fully negotiated. Terms of service permit a lot. Most tools are careful. But "careful" and "unable" are different things, and the difference matters when the content is your thinking, your plans, your drafts.
There's a version of this argument that slides toward paranoia, so I'll stop short of it. The realistic concern isn't that any specific company is doing something nefarious with your API traffic. It's that you don't know what they're doing, and you've given them the capability to do things, and that asymmetry compounds over time as the tools become more capable and more integrated into your actual work.
The question is whether you care. A lot of people don't, and that's reasonable. But the people who do care — who think carefully about what data flows where — don't have a good way to tell which products share that value without digging into architecture docs or terms of service legalese.
BYOK is a readable signal. It says: we don't want to be in your data flow. We are comfortable with a model where you could revoke our access entirely and we'd have nothing left of yours. That's a specific kind of confidence — in the product itself, not in accumulated data about you.
The pricing angle isn't nothing
Worth saying: the cost argument is real. API call markups are often steep, and power users who pay attention notice. At meaningful volume, paying Anthropic directly versus paying a product's premium rate is a meaningful difference. BYOK eliminates this cleanly. Your billing shows exactly what inference cost, no bundled mystery.
That transparency is itself a signal. Products that expose cost clearly are saying they're not trying to obscure it. It's a small trust gesture. Not heroic, but honest.
What I noticed when we built it
Harbor supports BYOK from the start — plug in your own Anthropic key and your model calls go directly from your client to Anthropic. We're not in that data flow. We don't log your conversations. We don't see your prompts.
This was a deliberate choice. The alternative — proxy everything, capture what we can — is also a choice, and a lot of tools make it.
What I've noticed is that the users who care about BYOK also tend to care about the same cluster of other things: portability, audit trails, markdown files on disk, self-hosting. It's a consistent set of values, and BYOK is one of the more legible surface expressions of it. When someone sees BYOK on the feature list and their eyes light up, I know what kind of person I'm talking to.
They want their tools to be honest about what they're for.
Asgeir Albretsen is the founder of Harbor.